Issue
When remote authentication is configured it is not possible (out of the box) to configure local user accounts. Other then the default admin and root accounts provided.
This is also stated within the TMOS Management Guide for BIG-IP Systems, which says: “Excluding the admin account, the entire set of standard user accounts that you create for BIG-IP system administrators must reside either locally on the BIG-IP system, or remotely on another type of authentication server.”
Solution
In order to configure an additional local account when remote authentication is enabled a few extra commands are required. These are shown below,
First the account is configured within TMSH,
create auth user USERNAME role <admin/manager/operator/guest> shell <tmsh/none> partition-acces s all prompt-for-password
Next we configure the account to use local authentication.
run util bash
echo "USERNAME" >> /config/bigip/auth/localusers
sed -ri 's/(localonlyusers LT_STRING_LIST.*)"/\1 \{USERNAME\}"/' /etc/confpp.dat
- NETCONF & YANG: Automate Network Configs via Python - April 2, 2026
- Palo Alto – How to Configure Your Next-Generation Firewall - April 2, 2026
- How to Harden Linux SSH: Keys, Fail2ban & Ciphers - March 1, 2026
Want to become a Loadbalancers expert ?
Here is our hand-picked selection of the best courses you can find online:
F5 BIG-IP 101 Certification Exam – Complete Course
F5 BIG-IP 201 Certification Exam – Complete Course
and our recommended certification practice exams:
Delta Practice Tests